76 Commits

Author SHA1 Message Date
Karel Zak ac8697d606 libmount: add mnt_fs_is_regularfs() to public API
Fix: https://github.com/karelzak/util-linux/issues/1328
Signed-off-by: Karel Zak <kzak@redhat.com>
2021-06-02 12:14:10 +02:00
Karel Zak d58121a22a docs: update copyright years
Signed-off-by: Karel Zak <kzak@redhat.com>
2021-05-31 18:12:07 +02:00
Karel Zak a605568281 libmount: add mnt_table_over_fs()
The function returns the first over-mount for specified filesystem.

Signed-off-by: Karel Zak <kzak@redhat.com>
2021-03-22 11:24:49 +01:00
Roberto Bergantinos Corpas ff21f476f8 findmnt: add option to list all fs-independent flags
It might be useful for security auditing purposes to list all possible
mount flags/options including default set which are normally not listed.

This patch adds "--vfs-all" option to list all fs-independent flags
on VFS-OPTIONS column, as well as libmount functionality to accomplish
it.

i.e.:

$ findmnt -o VFS-OPTIONS
VFS-OPTIONS
rw,relatime
rw,nosuid,nodev,noexec,relatime
rw,nosuid,nodev,noexec,relatime
ro,nosuid,nodev,noexec
...

$ findmnt --vfs-all -o VFS-OPTIONS
VFS-OPTIONS
rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
...

[kzak@redhat.com: - cleanup coding style and comments]

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
2021-01-15 17:51:07 +01:00
Karel Zak 323e923950 libmount: (docs) fix typo, remove unused reference
Signed-off-by: Karel Zak <kzak@redhat.com>
2020-07-22 10:44:33 +02:00
Karel Zak e0d9243a14 libmount: (docs) add missing references
Signed-off-by: Karel Zak <kzak@redhat.com>
2020-07-22 10:34:03 +02:00
Luca Boccassi 123b1a6708 libmount: add support for signed verity devices
A new API was added to libcryptsetup to make use of the kernel's new
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG feature, which allows to sign
root hashes. Add a verity.roothashsig option to use it.
Device reuse will be allowed only if signatures are used by all, or
by none.
2020-01-13 12:24:55 +00:00
Karel Zak 24cee7157a docs: update year in libs docs
Signed-off-by: Karel Zak <kzak@redhat.com>
2020-01-06 12:59:45 +01:00
Luca Boccassi 9835a4b6a1 verity: add support for Forward Error Correction options
Requires kernel built with CONFIG_DM_VERITY_FEC.
2019-12-10 12:52:39 +00:00
Luca Boccassi 141bb954e7 verity: add new verity.roothashfile option
Allow users to point mount to a file to read the roothash, in addition
to passing it inline.
Allows a volume managed by a systemd mount unit to be updated without
changing the mount unit content itself, for easier and more user friendly
servicing.
2019-12-10 12:52:39 +00:00
Karel Zak 9309ca1b93 Merge branch 'dmverity' of https://github.com/bluca/util-linux
* 'dmverity' of https://github.com/bluca/util-linux:
  libmount: add support for verity devices via libcryptsetup
2019-12-05 13:23:46 +01:00
Luca Boccassi e6a498877c libmount: add support for verity devices via libcryptsetup
The following new options are added:

verity.hashdevice
verity.roothash
verity.hashoffset

The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.

A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the bootstrapping process.

If verity options are selected but cannot be fulfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
2019-12-05 10:39:21 +00:00
Karel Zak 6497f2d99e mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are not
required. Nice example are fuse filesystems.

So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usual. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).

Example:

old version:
   $ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
   mount: only root can use "--types" option

new version:
   $ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
   kzak@192.168.111.1's password:

   $ findmnt /home/kzak/mnt
   TARGET         SOURCE                        FSTYPE     OPTIONS
   /home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000

   $ umount /home/kzak/mnt
   $ echo $?
   0

Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.

Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 14:58:20 +01:00
Karel Zak 71ed3b8337 libmount: add target prefix support
* add set/get functions to context
* use prefix to detect already mounted filesystems
* use prefix when prepare target path

Signed-off-by: Karel Zak <kzak@redhat.com>
2019-10-31 12:25:08 +01:00
Karel Zak 2089538adb libmount: (docs) add reference to v2.33 and v2.34
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-06-07 12:37:28 +02:00
Tim Hildering 9d5eb4c464 libmount: improve fs referencing in tables
* Added member 'struct libmnt_table *tab' to libmnt_fs structure.
* Added 'mnt_fs_get_table()'.
* Removed overhead from 'mnt_table_{insert,move,remove}_fs()'.
* Added check to 'mnt_table_set_iter()' that entry is member of table.

[kzak@redhat.com: - add to libmount.sys
                  - add to docs
                  - cleanup commit message
                  - set fs->tab = NULL before mnt_unref_fs() in mnt_table_remove_fs()]

Signed-off-by: Tim Hildering <hilderingt@posteo.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-03-08 11:40:20 +01:00
Karel Zak 911e694528 libmount: add mnt_table_{find,insert,move}_fs()
Add functions to insert FS into table to specified position and to
move FS between two tables.

Co-Author: Tim Hildering <hilderingt@posteo.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-02-21 13:49:39 +01:00
Karel Zak 189a1bf3b3 libmount: add support for MS_REMOUNT on --all
This patch adds support for remount-all operation to
libmount and mount(8).

For example:
	mount --all -o remount,ro -t vfat

to remount read-only all VFAT filesystems.

Addresses: https://github.com/karelzak/util-linux/issues/589
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-01-16 15:00:07 +01:00
Karel Zak 1dae161c83 libmount: export mnt_guess_system_root() by API
Signed-off-by: Karel Zak <kzak@redhat.com>
2018-12-10 11:39:08 +01:00
Vaclav Dolezal 4917d842ea libmount: add support for switching namespaces
[kzak@redhat.com: - cosmetic changes, add some comments]

Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
2018-06-11 15:49:48 +02:00
Karel Zak 1b692a26f7 libmount: (docs) update year
Signed-off-by: Karel Zak <kzak@redhat.com>
2018-03-20 18:56:06 +01:00
Karel Zak ebb079266d libmount: add missing macro to docs
Signed-off-by: Karel Zak <kzak@redhat.com>
2018-02-21 11:43:21 +01:00
Ruediger Meier 73afd3f8e8 misc: fix typos using codespell
Some more funny typos, please review carefully.

Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
2018-02-16 11:12:52 +01:00
Karel Zak a81b1946a1 libmount: (docs) add missing 'since' tags
Signed-off-by: Karel Zak <kzak@redhat.com>
2017-05-23 13:32:45 +02:00
Karel Zak 7b53418bf0 libmount: (docs) add unused declarations
Signed-off-by: Karel Zak <kzak@redhat.com>
2017-04-27 14:17:50 +02:00
Karel Zak ea848180dd libmount: add mnt_context_get_excode()
It's pretty complex task to make mount(8) and umount(8) return code
and generate error message. It seems better to do that in the libmount
rather than force all library users to duplicate mount(8) mk_exit_code()
functions. It also means that all the messages will be translated only
once. Changes:

* all error messages are printed by warn()
* no more multi-line messages
* all messages prefixed by mount target (mountpoint)
* library provides mount(8) compatible MNT_EX_* codes

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1429531
Signed-off-by: Karel Zak <kzak@redhat.com>
2017-04-27 14:10:23 +02:00
Karel Zak 6dede2f2f7 libmount: support MS_RDONLY on write-protected devices
This feature is supported by mount(8) only. It seems better to move
this code to libmount. The result is a simpler mount(8) and the
feature is accessible for all libmount users.

Signed-off-by: Karel Zak <kzak@redhat.com>
2017-04-26 17:27:02 +02:00
Karel Zak db17f201b8 libmount: reimplement mnt_match_options()
Let's use optstr.c functions to parse pattern and options strings.
It's more robust than the old original mount(8) code and it supports
quotes in the options strings.

Signed-off-by: Karel Zak <kzak@redhat.com>
2016-12-20 15:35:50 +01:00
Sébastien Helleu d673b74e9d docs: replace FTP by HTTPS in kernel.org URLs
The links to ftp://ftp.kernel.org/ are replaced by
https://www.kernel.org/.

Signed-off-by: Karel Zak <kzak@redhat.com>
2016-12-19 11:22:26 +01:00
Karel Zak 81b176c4da docs: some random fixes
Signed-off-by: Karel Zak <kzak@redhat.com>
2016-09-27 12:52:47 +02:00
Ruediger Meier 48df5980b4 libmount: add mnt_fs_set_priority()
Looks like it got lost in ce4dd666.

Compiler warning discovered this issue:
libmount/src/fs.c:1171:5: warning: no previous prototype for 'mnt_fs_set_priority' [-Wmissing-prototypes]
 int mnt_fs_set_priority(struct libmnt_fs *fs, int prio)
     ^

Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
2016-02-23 01:19:49 +01:00
Stanislav Brabec 2cd28fc82d libmount: handle btrfs default subvolume mount
When mounting btrfs volume without subvol= and subvolid=, and the
btrfs volume has default subvolume defined, mount() mounts the default
subvolume and not the volume root as other filesystems do.

To handle this situation correctly (for example for "mount -a"),
libmount has to be capable to detect default subvolume.

Add btrfs.c and btrfs.h that implement needed functions.

This patch adds mnt_table_find_target_with_option() to the library API.

Known problems not covered by this patch:

- Use of subvolid= in fstab is not yet handled.

- Use of type auto in combination with subvol= in fstab is not yet
  handled.

- Use of btrfs in loop devices, where image file is specified in fstab is
  not yet handled (use of /dev/loop0 in fstab works).

- If fstab uses subvol=, and subvol path changes since last "mount -a",
  subsequent "mount -a" will not recognize that it is already mounted,
  and it will attempt to mount it second time. To fix it, libmount should
  remember subvolid in time of mount (subvolid is unique for the
  subvolume, subvol is not).

- mountinfo contains subvol and subvolid since kernel 4.2. Before kernel
  4.2, there is no reasonable way to solve this situation. (One would
  create temporary mount point, mount the default, call needed ioctl() to
  determine what was mounted, deduce the default subvolume, compare it
  with subvolume of mounted volume, unmount and return result.)

How to reproduce:
	truncate -s1G btrfs_test.img
	mkdir -p btrfs_mnt
	/sbin/mkfs.btrfs -f -d single -m single ./btrfs_test.img
	mount -o loop btrfs_test.img btrfs_mnt
	pushd .
	cd btrfs_mnt
	mkdir -p d0/dd0/ddd0
	cd d0/dd0/ddd0
	touch file{1..5}
	btrfs subvol create s1
	cd s1
	touch file{1..5}
	mkdir -p d1/dd1/ddd1
	cd d1/dd1/ddd1
	btrfs subvol create s2
	rid=$(btrfs inspect rootid s2)
	echo new default $rid
	btrfs subvol get-default .
	btrfs subvol set-default $rid .
	popd
	umount btrfs_mnt
	losetup /dev/loop0 $PWD/btrfs_test.img
	echo "/dev/loop0 $PWD/btrfs_mnt btrfs defaults 0 0" >>/etc/fstab
	mount -a
	mount -a
	umount btrfs_mnt
	sed -i "/\/dev\/loop0/d" /etc/fstab
	losetup -d /dev/loop0
	rm btrfs_test.img
	rmdir btrfs_mnt

Current behavior:
	mount: /dev/loop0 is already mounted or /root/btrfs_mnt busy
	       /dev/loop0 is already mounted on /root/btrfs_mnt

Expected behavior is to ignore already mounted FS.

[kzak@redhat.com: - make 'var' optional for mnt_table_find_target_with_option(),
                  - add mnt_table_find_target_with_option() to symbols table and docs
                  - add "btrfs" string between supported debug modes
                  - minor coding style changes]

Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Cc: David Štěrba <dsterba@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
2016-01-26 11:14:25 +01:00
Karel Zak d5dbd57b22 docs: fix gtk-docs related warnings
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-05-28 12:28:23 +02:00
Karel Zak 3df1a79ad5 libmount: add options map to docs
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-26 12:25:40 +01:00
Karel Zak 2b6c532e17 docs: update API docs years
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-13 12:03:17 +01:00
Karel Zak 0cf8312703 libmount: cleanup gtk-docs warnings
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-13 11:57:15 +01:00
Karel Zak 8f52496d8e libmount: (monitor) refresh docs, headers and symbols table
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-06 16:19:02 +01:00
Karel Zak 9b4fc141d4 libmount: (monitor) cleanup wait/verify stuff
Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-06 16:19:02 +01:00
Karel Zak fc79d3ab44 libmount: split monitor initialization
The patch introduces mnt_monitor_enable_*() functions (now for
userspace only) to make the API easy to use for high-level purpose.

Signed-off-by: Karel Zak <kzak@redhat.com>
2015-01-06 16:19:02 +01:00
Karel Zak 372112e908 libmount: add new libmnt_monitor API
It's usually enough to use [e]poll() to monitor kernel mount table, but
there is no way how to monitor changes in userspace mount options
(e.g. _netdev). The management of these mount options is completely
hidden in libmount and /run/mount/utab is private libmount file.

This patch introduces new libmnt_mount API to monitor also userspace
mount table.

Signed-off-by: Karel Zak <kzak@redhat.com>
2014-12-05 15:30:04 +01:00
Karel Zak 7a1c36ab38 docs: rename libs xml/version.xml to xml/version-utils.xml
It seems that gtk-docs stuff is confused when we use version.xml
(package version) and xml/version.xml (library version functions).

Signed-off-by: Karel Zak <kzak@redhat.com>
2014-06-03 12:37:33 +02:00
Sami Kerola cc93d115de build-sys: sort gitignore files
Use 'LC_ALL=C sort -fu' order for all lists.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2014-03-12 12:06:37 +01:00
Karel Zak 51fffa7be0 libmount: add mnt_table_uniq_fs()
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-12-11 16:59:57 +01:00
Karel Zak a53cc4e0cb libmount: add mnt_tag_is_valid()
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-11-19 17:41:28 +01:00
Karel Zak 47cca89934 libmount: update docs
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-09-27 10:38:39 +02:00
Karel Zak c9f1585e67 libmount: add reference counter to libmnt_table
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-08-21 16:07:25 +02:00
Karel Zak 0105691d54 libmount: add reference counting to libmnt_cache
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-08-21 14:37:55 +02:00
Karel Zak 26d0c0aefd libmount: add reference counting to libmount_fs
* mnt_new_fs() returns object with refcount=1

* mnt_free_fs() does not care about reference counter

* new functions mnt_ref_fs() and mnt_unref_fs()

* mnt_table_add_fs() and mnt_table_rem_fs() use reference counter

* libmnt_context uses reference counter for internal FS (as it could be
  shared outside the context)

* backwardly incompatible change:

	- FS could be deallocated after mnt_table_remove_fs()

* it's recommended to use mnt_unref_fs() after mnt_table_add_fs()

Signed-off-by: Karel Zak <kzak@redhat.com>
2013-08-21 12:48:42 +02:00
Karel Zak 32953aebdd libmount: add function for context userdata
Signed-off-by: Karel Zak <kzak@redhat.com>
2013-08-21 10:01:23 +02:00
Karel Zak a2f17bb24e libmount: add mnt_table_is_empty(), improve table list usage
Currently you have to use mnt_table_remove_fs() + mnt_free_fs() to
destroy the list in the table. This is complicated in some situations.
This patch allows to use mnt_free_fs() only.

Signed-off-by: Karel Zak <kzak@redhat.com>
2013-08-20 14:35:13 +02:00